Hackers hoping to cash in on the success of Google’s hugely popular Chrome web browser are trying to trick users into downloading a fraudulent update that installs malware designed to steal bank account details. The malware is known as Chthonic, and those unlucky enough to accidentally install it onto their PC could find themselves seriously out of pocket.
Security researchers from Proofpoint discovered the troubling new malware campaign. Some 18,000 messages promoting the fake Google Chrome update have already been sent to web browser users, Proofpoint research shows. Most of these were mailed between June and July 2020 and seem to be targeted at those in Canada, France, Germany, Spain, Italy, the United Kingdom, and the United States.
If you mistakenly click on the link inside the scam message, the site analyses your location, operating system and browser. If you meet the requirements, you’ll be led to a spoof update page telling you that your version of Google Chrome is out of date.
The fraudulent update notification is a pretty good imitation of genuine Google webpages. Not only that, but the additional criteria checks carried out before the webpage is displayed make the update warning feel more convincing. After all, if you can navigate to the same webpage on an iPhone running Safari, you’re less likely to believe that the warning on your PC is real. But the fact that you have to be running Chrome on a vulnerable operating system to even see the cybercriminals’ message will surely convince more people to click the prominent Update button on the spoof webpage.
Another version of the same scam is designed to target those running Windows Internet Explorer.
According to the team at Proofpoint, “while this technique isn’t new, it’s still effective because it exploits the intended recipient’s desire to practice good security hygiene. Keeping software updated is a common piece of security advice, and this actor uses that to their advantage.”
As threats move from desktop to popular mobile platforms, like Android and iOS, sometimes a classic still works. There’s nothing particularly inventive in this latest campaign, but it’s still worryingly effective.
The hackers are using the known Trojan Chthonic to steal confidential login credentials for your online bank accounts – potentially allowing them to lift funds from your account behind your back. The fraudulent Chrome and Internet Explorer update webpages also contain the remote-control software NetSupport. Although this is a legitimate tool to access your PC’s desktop when out and about, Proofpoint says that it is “often abused by threat actors.”
This could allow the cybercriminals to gain further access to your machine.
If you believe you have been impacted by this threat, contact your bank. It might be possible to cancel any fraudulent transactions or, better yet, change your security credentials before the hackers have a chance to break in.
It’s important to always use a unique password for each online account, one that uses a combination of words, numbers, symbols, and both upper- and lower-case letters. And remember that some of the most secure – not to mention the easiest to remember – passwords are actually passphrases. Just use a phrase or sentence, like the opening sentence of your favourite novel, a poem, or the opening line of a hilarious joke.